Vulnerabilities in Ping Identity

49 results
CVE-2021-41992 | HIGH | PingID Windows Login RSA cryptographic weakness with possible offline MFA bypass | EPSS 0.5%
CVE-2023-34085 | LOW | User Attribute Disclosure via DynamoDB Data Stores | EPSS 0.5%
CVE-2023-40148 | MEDIUM | PingFederate Server Side Request Forgery vulnerability | EPSS 0.5%
CVE-2024-22377 | MEDIUM | PingFederate Runtime Node Path Traversal | EPSS 0.4%
CVE-2024-23983 | MEDIUM | Access rules for PingAccess may be circumvented with URL-encoded characters | EPSS 0.4%
CVE-2021-39270 | In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur. | EPSS 0.4%
CVE-2022-23724 | MEDIUM | PingID Integration for Windows Login MFA Bypass | EPSS 0.4%
CVE-2023-40702 | HIGH | PingOne MFA Integration Kit MFA bypass | EPSS 0.4%
CVE-2023-40356 | HIGH | PingOne MFA Integration Kit MFA bypass | EPSS 0.4%
CVE-2025-27935 | HIGH | Authentication Bypass in OTP (One-time Passcode) IdP Adapter Integration Kit | EPSS 0.4%
CVE-2025-26862 | NONE | PingFederate unexpected browser flow initiation in redirectless mode | EPSS 0.3%
CVE-2022-40722 | HIGH | Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate. | EPSS 0.3%
CVE-2024-25573 | MEDIUM | Stored Cross-Site Scripting in Administrative Console Context | EPSS 0.3%
CVE-2025-22854 | MEDIUM | Possible thread exhaustion from processing http responses in PingFederate Google Adapter | EPSS 0.3%
CVE-2025-21085 | LOW | PingFederate OAuth Grant attribute duplication may use excessive memory | EPSS 0.3%
CVE-2026-20746 | MEDIUM | PingDirectory copying of virtual attributes leads to memory exhaustion | EPSS 0.3%
CVE-2022-23719 | HIGH | PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests | EPSS 0.3%
CVE-2024-21832 | LOW | PingFederate REST API Data Store Injection | EPSS 0.2%
CVE-2025-20628 | MEDIUM | Insufficient granularity of access control for Remote Connector Servers in client mode | EPSS 0.2%
CVE-2022-23720 | HIGH | PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file | EPSS 0.2%